Credentials troubleshooting

Credentials troubleshooting

Credentials troubleshooting

Review the <credentials_debug> section of the ECC queue payload to
troubleshoot issues with credentials.

Certain probes support credential debugging, starting with the Istanbul release.
Credential debugging inserts a <credentials_debug> section in the payload
that the MID Server returns to the instance ECC queue. You can view the
<credentials_debug> section to see detailed information about the
credential lookup.

You set the credentials_debug parameter to true for the
WMIRunner,
PowerShell or
SSHCommand probes. If
you set the parameter to true, the <credentials_debug> section
appears even if the credential lookup is successful.

The <credentials_debug> section shows:

Information about the credential search, such as the credential types, tags, and
affinities.

The IP address targeted.

Information about each credential (in order) that the MID server used, including the
type, classification, tag, name, Sys ID, and external credential ID if present.

Figure 1. Sample payload showing invalid credentials

Additional details appear for PowerShell and SSHCommand:

For the PowerShell parameter:

If the local MID Server credentials were used after all the Windows credentials
failed, and also if that succeeded.

If the credential search was skipped because the target IP is blacklisted.

If the target IP was added to the blacklist.

Note: The MID Server saves IP addresses for failed credential searches in a blacklist in
cache memory. This blacklist specifies which devices the MID Server should stop trying to
access. By default, the IP addresses stay on the blacklist for five minutes, or until the
credentials change or the MID Server is restarted, which clears the cache. You cannot
change this time length.